461
Multifactor auth done right
(l.roofo.cc)
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Wow would you look at that, still none of them cover what SMS is >:( Almost like it's not a second factor, and fuck every corporation that tries to claim that it is
SMS is something you have, IE access to your phone. Doesn't mean it's the best option, SMS is notorious for being insecure
The 10,000 support staff with dubious social engineering training at your service provider are not "something you have". Case in point literally a few weeks ago https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/
This is an article describing someone impersonating an officer and submitting a fake warrant. It's incredible that Verizon fell for it, but what does it have to do with SMS?
It means that if I want access to something that has been texted to you, I don't exactly need to be a government in order to get it.
It would be fine if it weren’t for sim swapping.
But try asking anyone at your bank about a yubikey and watch them stare at you like you have broccoli growing out of your ears.